monkey/monkey_island/cc/resources/monkey.py

import json
from datetime import datetime
import dateutil.parser
from flask import request
import flask_restful
from cc.database import mongo
from cc.services.config import ConfigService
from cc.services.node import NodeService
# Module author tag kept from the original island codebase.
__author__ = "Barak"
# TODO: separate logic from interface
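class Monkey(flask_restful.Resource):
    """REST resource over the ``mongo.db.monkey`` collection.

    * GET    -- one monkey by GUID (path segment or ``?guid=``), or the list
                of monkeys, optionally only those modified after ``?timestamp=``.
    * PATCH  -- refresh keepalive/config/config_error/tunnel of a known GUID.
    * POST   -- register a monkey from its first telemetry: upsert by GUID,
                attach the island config, resolve its parent from exploit
                telemetry and absorb a previously scanned node with the same IP.

    Everything in a request body arrives from an agent over the network and
    is treated as untrusted. Bodies must decode to a JSON object, and the
    fields this resource interprets (``guid``, ``ip_addresses``, ``config``,
    the timestamps and ``tunnel``) are checked before they reach a Mongo
    query or a parser; bad input is answered with HTTP 400 instead of an
    unhandled exception (which Flask would turn into a 500).
    """

    # json.loads yields ``unicode`` on Python 2 and ``str`` on Python 3;
    # accept both so the string checks below behave on either interpreter.
    _STRING_TYPES = (str, type(u""))

    # ------------------------------------------------------------------
    # Request-validation helpers
    # ------------------------------------------------------------------

    @staticmethod
    def _load_json_body():
        """Return ``request.data`` decoded as a JSON object, or abort 400."""
        try:
            body = json.loads(request.data)
        except ValueError:
            flask_restful.abort(400, message="request body is not valid JSON")
        if not isinstance(body, dict):
            flask_restful.abort(400, message="request body must be a JSON object")
        return body

    @staticmethod
    def _parse_time(value, field):
        """Parse a client-supplied timestamp with dateutil, or abort 400.

        ``field`` only names the offending value in the error message.
        """
        try:
            return dateutil.parser.parse(value)
        except (TypeError, ValueError, OverflowError, AttributeError):
            flask_restful.abort(400, message="%s is not a valid timestamp" % field)

    @classmethod
    def _require_string(cls, value, field):
        """Abort 400 unless ``value`` is a non-empty string.

        Used for values that become Mongo query operands: a JSON object such
        as ``{"$gt": ""}`` sent in place of a GUID would otherwise be passed
        to ``find_one``/``update`` as a query operator and match (and with
        ``upsert=True`` overwrite) an arbitrary document.
        """
        if not isinstance(value, cls._STRING_TYPES) or not value:
            flask_restful.abort(400, message="%s must be a non-empty string" % field)
        return value

    @classmethod
    def _tunnel_host(cls, tunnel):
        """Extract the host part of an agent-reported tunnel address.

        Keeps the original parsing -- the element before the last ``:`` with
        a leading ``//`` stripped -- so ``http://10.0.0.5:5000`` and
        ``10.0.0.5:5000`` both yield ``10.0.0.5``. Bracketed IPv6 literals
        are not handled by this scheme. Non-strings and values without a
        ``:`` are rejected with 400 instead of raising IndexError.
        """
        if not isinstance(tunnel, cls._STRING_TYPES):
            flask_restful.abort(400, message="tunnel must be a string")
        parts = tunnel.split(":")
        if len(parts) < 2:
            flask_restful.abort(400, message="tunnel must look like host:port")
        return parts[-2].replace("//", "")

    # ------------------------------------------------------------------
    # HTTP verbs
    # ------------------------------------------------------------------

    def get(self, guid=None, **kw):
        """Return one monkey or a list of monkeys.

        With a GUID (path segment, else ``?guid=``) the matching document is
        returned or 404 raised. Otherwise the response is
        ``{'timestamp': <now, ISO 8601>, 'objects': [...]}``; ``?timestamp=``
        restricts ``objects`` to documents whose ``modifytime`` is later.
        """
        NodeService.update_dead_monkeys()  # refresh monkeys status before answering

        if not guid:
            guid = request.args.get('guid')
        if guid:
            return mongo.db.monkey.find_one_or_404({"guid": guid})

        find_filter = {}
        since = request.args.get('timestamp')
        if since is not None:
            find_filter['modifytime'] = {'$gt': self._parse_time(since, 'timestamp')}
        return {
            'timestamp': datetime.now().isoformat(),
            'objects': list(mongo.db.monkey.find(find_filter)),
        }

    def patch(self, guid):
        """Update an existing monkey identified by the ``guid`` path segment.

        Only ``keepalive`` (parsed; defaults to now), ``config``,
        ``config_error`` and ``tunnel`` are read from the body; other keys are
        ignored. ``config`` is stored exactly as the agent sent it -- there is
        no schema check here. Returns the raw pymongo update result.
        ``NodeService.get_monkey_by_guid`` is assumed to return a document
        with ``_id`` -- TODO confirm how it reports an unknown GUID.
        """
        monkey_json = self._load_json_body()
        monkey = NodeService.get_monkey_by_guid(guid)

        fields = {'modifytime': datetime.now()}
        if 'keepalive' in monkey_json:
            fields['keepalive'] = self._parse_time(monkey_json['keepalive'], 'keepalive')
        else:
            fields['keepalive'] = datetime.now()
        for key in ('config', 'config_error'):
            if key in monkey_json:
                fields[key] = monkey_json[key]

        if 'tunnel' in monkey_json:
            NodeService.set_monkey_tunnel(monkey["_id"], self._tunnel_host(monkey_json['tunnel']))

        return mongo.db.monkey.update({"_id": monkey["_id"]}, {"$set": fields}, upsert=False)

    def post(self, **kw):
        """Register (upsert) a monkey from its initial telemetry.

        Returns ``{"id": <_id of the monkey document>}``.

        Order of operations:
          1. validate the body: an object with a string ``guid``, a list
             ``ip_addresses``, an optional object ``config``, an optional
             ``keepalive`` timestamp and an optional ``tunnel`` -- all checked
             before any database access;
          2. normalise timestamps, reset ``creds`` and choose the config: a
             new GUID receives the island's flat config, a known GUID keeps
             its stored config (except ``current_server``);
          3. append the resolved ``(parent, exploiter)`` pair to ``parent``;
          4. upsert by GUID, record the tunnel host, then merge a scanned
             node that shares an IP (edges and credentials) into the monkey.
        """
        monkey_json = self._load_json_body()
        guid = self._require_string(monkey_json.get('guid'), 'guid')
        ip_addresses = monkey_json.get('ip_addresses')
        if not isinstance(ip_addresses, list):
            flask_restful.abort(400, message="ip_addresses must be a list")
        if 'config' in monkey_json and not isinstance(monkey_json['config'], dict):
            flask_restful.abort(400, message="config must be an object")
        tunnel_host_ip = None
        if 'tunnel' in monkey_json:
            tunnel_host_ip = self._tunnel_host(monkey_json.pop('tunnel'))

        # The $set below persists every remaining key the agent sent (mass
        # assignment); the rest of the island relies on those fields, so they
        # are kept, but the agent must never choose or rewrite the document
        # _id (an unknown _id would be inserted, a known one makes Mongo
        # reject the update).
        monkey_json.pop('_id', None)

        # NOTE(review): this also clears stored credentials when an already
        # registered GUID POSTs again -- confirm that is intended.
        monkey_json['creds'] = {}
        if 'keepalive' in monkey_json:
            monkey_json['keepalive'] = self._parse_time(monkey_json['keepalive'], 'keepalive')
        else:
            monkey_json['keepalive'] = datetime.now()
        monkey_json['modifytime'] = datetime.now()

        db_monkey = mongo.db.monkey.find_one({"guid": guid})
        if not db_monkey:
            # First sight of this GUID: hand it the island's current flat config.
            monkey_json['config'] = monkey_json.get('config', {})
            monkey_json['config'].update(ConfigService.get_flat_config())
        else:
            # Known GUID: the stored config wins over the agent's copy, except
            # current_server, which is taken from the agent's report. If the
            # agent sent no config at all the update lands on a throwaway dict
            # and $set leaves the stored config untouched.
            db_config = db_monkey.get('config', {})
            db_config.pop('current_server', None)
            monkey_json.get('config', {}).update(db_config)

        parent_to_add = self._find_parent(monkey_json, guid, ip_addresses)
        previous_parents = (db_monkey.get('parent') or []) if db_monkey else []
        monkey_json['parent'] = previous_parents + [parent_to_add]

        mongo.db.monkey.update({"guid": guid}, {"$set": monkey_json}, upsert=True)
        new_monkey_id = mongo.db.monkey.find_one({"guid": guid})["_id"]

        if tunnel_host_ip is not None:
            NodeService.set_monkey_tunnel(new_monkey_id, tunnel_host_ip)

        self._absorb_scanned_node(new_monkey_id, ip_addresses)
        return {"id": new_monkey_id}

    # ------------------------------------------------------------------
    # POST helpers
    # ------------------------------------------------------------------

    @staticmethod
    def _find_parent(monkey_json, guid, ip_addresses):
        """Resolve the ``(parent_guid, exploiter)`` pair for this monkey.

        Default is ``(guid, None)``: a monkey started by hand. When the agent
        names another monkey as parent, a single successful exploit telemetry
        from that parent against one of ``ip_addresses`` supplies the
        exploiter name; with zero or several matches the reported parent is
        kept with ``None``. When no parent (or itself) is reported, the only
        successful exploit telemetry against these IPs from any monkey is
        used if it is unambiguous.
        """
        parent = monkey_json.get('parent')
        exploit_query = {
            'telem_type': {'$eq': 'exploit'},
            'data.result': {'$eq': True},
            'data.machine.ip_addr': {'$in': ip_addresses},
        }
        if parent and parent != guid:
            exploit_query['monkey_guid'] = {'$eq': parent}
            fallback = (parent, None)
        else:
            fallback = (guid, None)

        matches = list(mongo.db.telemetry.find(exploit_query))
        if len(matches) == 1:
            exploiter = (matches[0].get('data') or {}).get('exploiter')
            return (matches[0].get('monkey_guid'), exploiter)
        return fallback

    @staticmethod
    def _absorb_scanned_node(new_monkey_id, ip_addresses):
        """Merge a previously scanned node sharing an IP into the new monkey.

        The first node whose ``ip_addresses`` intersect ours has its inbound
        edges re-pointed at the monkey, its credentials copied over through
        ``NodeService.add_credentials_to_monkey``, and is then deleted.
        """
        existing_node = mongo.db.node.find_one({"ip_addresses": {"$in": ip_addresses}})
        if not existing_node:
            return
        node_id = existing_node["_id"]
        for edge in mongo.db.edge.find({"to": node_id}):
            mongo.db.edge.update({"_id": edge["_id"]}, {"$set": {"to": new_monkey_id}})
        node_creds = existing_node.get('creds', {})
        for user in node_creds:
            NodeService.add_credentials_to_monkey(new_monkey_id, user, node_creds[user])
        mongo.db.node.remove({"_id": node_id})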